Hi, did you set it to disabled or not configured? Do you have the auto-enrollment configured and do you have the Enrollment Status page active?
If you have set it to disabled and auto-enrollment with Enrollment Status page set, the setting should be on the device before the PIN creation dialog would get the chance to pop up, and therefore it would be effectively prevented.
So this might be a race condition. The status page makes sure all policies are in place before the desktop is loaded. In your case the WHfB disable setting might not be there as the desktop loads and the PIN dialog is shown. Try setting the status page and test again.
I found out what was going wrong. It happened on the devices I gave a fresh start in Intune with Autopilot.
Apparently there is a problem that the device gets unenrolled from Intune, but not from Azure AD.
So after giving a fresh start (without retaining user data) the device becomes unmanageable (does not sync the settings from Intune) and so does not sync the Hello setting.
Unfortunately, I don't understand why Microsoft does it like this, because this makes the Fresh Start option, when you don't want to retain the user data, completely useless. I hope the Autopilot reset becomes available quickly because I think that would solve this issue :)